CVE-2020-14171
First published: Thu Jul 09 2020(Updated: )
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Bitbucket | >=4.9.0<7.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Bitbucket Server vulnerability?
The vulnerability ID for this Bitbucket Server vulnerability is CVE-2020-14171.
What is the severity of CVE-2020-14171?
The severity of CVE-2020-14171 is medium with a CVSS score of 6.5.
What is the affected software version range for CVE-2020-14171?
The affected software version range for CVE-2020-14171 is from version 4.9.0 before version 7.2.4.
How does CVE-2020-14171 allow remote attackers to exploit the vulnerability?
CVE-2020-14171 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.
Is there a fix available for CVE-2020-14171?
Yes, it is recommended to upgrade Bitbucket Server to version 7.2.4 or later to fix CVE-2020-14171.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian bitbucket
- version/atlassian bitbucket/4.9.0